From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C87DAC433F5 for ; Mon, 24 Jan 2022 14:42:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240100AbiAXOmv (ORCPT ); Mon, 24 Jan 2022 09:42:51 -0500 Received: from mga06.intel.com ([134.134.136.31]:21631 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230077AbiAXOmt (ORCPT ); Mon, 24 Jan 2022 09:42:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643035369; x=1674571369; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=JEOuMGE6j8MsLaGP5CGaIuZdoK/9NmJGoVVlOxZm7ww=; b=FHCXlowzuY9qcCtqNmaQNPuUC1P/6wNHql+0iGfXdTgkWhGYDXt+pITA wfXBNPSCmCf8lP0tLQipZfSRpHryqLZcNN1LHWO18h0Qq/zTbqOkqaqyH FWYuRCyKqwjX7mHFQ/roejKlKjmlPbESPL21ht/QRjltLWSHiUavDPM3Y Ae99VOfpEQQrlGTJ4fL13Hda8uvAwK0d4KclUWIGZgwoqzWkrNGD8jLMm KY0gSIn6GnMxXNib4gVVV4TkS71ETJBzacXLXZYEQXJOvBLm+DbWojKat o9H+3zTP1zIzsJ3xSX5AKzHKD+nBfYl3BUxEc3d8mcrVnObW0IVvUkt0K A==; X-IronPort-AV: E=McAfee;i="6200,9189,10236"; a="306772604" X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="306772604" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 06:42:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="494640262" Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 24 Jan 2022 06:42:46 -0800 Received: by black.fi.intel.com (Postfix, from userid 1003) id EAC9215C; Mon, 24 Jan 2022 16:42:59 +0200 (EET) From: Andy Shevchenko To: Petr Mladek , linux-kernel@vger.kernel.org Cc: Steven Rostedt , Sergey Senozhatsky , Andy Shevchenko , Rasmus Villemoes , Sakari Ailus Subject: [PATCH v2 1/2] vsprintf: Fix potential unaligned access Date: Mon, 24 Jan 2022 16:42:57 +0200 Message-Id: <20220124144258.34120-1-andriy.shevchenko@linux.intel.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The %p4cc specifier in some cases might get an unaligned pointer. Due to this we need to make copy to local variable once to avoid potential crashes on some architectures due to improper access. Fixes: af612e43de6d ("lib/vsprintf: Add support for printing V4L2 and DRM fourccs") Cc: Sakari Ailus Signed-off-by: Andy Shevchenko Reviewed-by: Petr Mladek --- v2: added Petr's tag lib/vsprintf.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 61528094ec87..4e8f3e9acb99 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -49,6 +49,7 @@ #include /* for PAGE_SIZE */ #include /* cpu_to_le16 */ +#include #include #include "kstrtox.h" @@ -1762,7 +1763,7 @@ char *fourcc_string(char *buf, char *end, const u32 *fourcc, char output[sizeof("0123 little-endian (0x01234567)")]; char *p = output; unsigned int i; - u32 val; + u32 orig, val; if (fmt[1] != 'c' || fmt[2] != 'c') return error_string(buf, end, "(%p4?)", spec); @@ -1770,21 +1771,22 @@ char *fourcc_string(char *buf, char *end, const u32 *fourcc, if (check_pointer(&buf, end, fourcc, spec)) return buf; - val = *fourcc & ~BIT(31); + orig = get_unaligned(fourcc); + val = orig & ~BIT(31); - for (i = 0; i < sizeof(*fourcc); i++) { + for (i = 0; i < sizeof(u32); i++) { unsigned char c = val >> (i * 8); /* Print non-control ASCII characters as-is, dot otherwise */ *p++ = isascii(c) && isprint(c) ? c : '.'; } - strcpy(p, *fourcc & BIT(31) ? " big-endian" : " little-endian"); + strcpy(p, orig & BIT(31) ? " big-endian" : " little-endian"); p += strlen(p); *p++ = ' '; *p++ = '('; - p = special_hex_number(p, output + sizeof(output) - 2, *fourcc, sizeof(u32)); + p = special_hex_number(p, output + sizeof(output) - 2, orig, sizeof(u32)); *p++ = ')'; *p = '\0'; -- 2.34.1